What do I do if my website has been compromised by using my FTP access details?

A domain can be compromised through harvested FTP access details. Hackers use these credentials for various malicious purposes including spam mailing, hosting of malware and illegal content (for example, phishing, defacing websites, pharmaceutical marketing).

FTP access details are often harvested (retrieved directly from an insecure computer) by means of spyware. Access details can also be harvested from websites directly which have been compromised via other methods (security exploits, SQL injection hacks).

The following steps should be taken if you believe your website has been compromised:

  1. Ensure that the computer used by the administrator of the website has up to date anti-virus software, including anti-spyware, with regular full system scans scheduled
  2. Update all passwords in use by the website including database passwords, CMS related passwords etc
  3. Check your file permissions to ensure you are not using weak permissions
  4. Change the FTP passwords of your account on a regular basis (monthly is recommended)

More information regarding website security is available on our Help Centre.

The repercussions of compromised sites are severe:

  • Blacklisting of servers results in mail delivery failures for all domains hosted on the server.
  • Damage to the reputation of all parties involved.
  • Financial implications including de-listing fees, disrupting business continuity.

It is for these reasons that we take abuse extremely seriously and reserves the right to suspend or cancel, without warning, any service in violation of our abuse policy, whether the abuse was intentional or not.

Microsoft™ has a free safety scanner available to help scan and secure your PC.